Mattia’s Dummie’s Corner - Understanding UNIX/Linux file permissions
In a UNIX/Linux operating system, file permissions represent a critical topic, but this concept can be very hard for beginners to understand, especially if they're used to Windows.
Thankfully, my Linux instructor did a great job with me, so now I can share this knowledge with you guys.
For this post, we're going to analyze the output of the ls command, which lists the contents of a directory.
For you to display file permissions, you need to use the ls -l command (the so-called long form of the ls command).
This is, IMHO, maybe the most important Linux command .
After a while, you'll get so used to it that you're never gonna use the simple ls anymore (that's my case, at least).
After a while, you'll get so used to it that you're never gonna use the simple ls anymore (that's my case, at least).
Let's analyze the contents of a directory:
 |
| Figure 1- Partial listing of my user folder (in OS X) |
What does this mess mean?
This listing must be split up into several components.
The leftmost first digit displays the file type.
Everything is a file in Linux, including devices, right?
You can see here two different file types:
- - indicates a regular file (which means any types of file: text/Word document, image file, video, etc.);
- d indicates a directory
There are other file types, too, (here for more details) but the foregoing are the most common ones.
Now let's move to the next nine digits in the above listing.
In Linux, each file has specific permissions, shown with reference to three different groups of users:
- The user who owns the file (mattia, under Fig.1)
- The group that user belongs to (staff, under Fig. 1)
- All other users on that computer (including abusive users).
 |
| Fig.2 -How to read permissions in a UNIX/Linux system |
Each group is given specific permissions, indicated with a letter:
- r (read), which is worth 4
- w (write), which is worth 2
- x (execute), which is worth 1.
When a permission is unassigned, it's replaced by a dash.
Now, if you consider the listing under Fig. 2, the first file is surely a directory (d). The user who it belongs to has read, write and execute permissions, the group it belongs to has read and execute permissions (notice the "-" where a "w" is supposed to be), and all the other users have read and execute permissions, too.
Permissions can be represented with a 3-digit number. Let's now consider Fig. 2 as our reference.
The file owner has read, write and execute permissions, so we get 4 (read) +2 (write)+1(execute)=7 for it. Its group has 4 (read)+1 (execute)=5 and all the other users, as well, have 4 (read)+1 (execute)=5.
The file owner has read, write and execute permissions, so we get 4 (read) +2 (write)+1(execute)=7 for it. Its group has 4 (read)+1 (execute)=5 and all the other users, as well, have 4 (read)+1 (execute)=5.
So, the overall permissions for that file are equal to 755, i.e. total control for owner (rwx), read and execute permissions for its group (r-x), read and execute permissions for all other users (r-x).
The same stands valid for the other files.
Let's now analyze permissions for the fifth file shown under Fig. 1 (Google-Fu.bash).
In this case, we're up with a regular file ("-" is the first digit), having 750 permissions. In fact, notice the third group of users was assigned no permissions at all (permissions for the other users are symbolized by three dashes ).
Let's now analyze permissions for the fifth file shown under Fig. 1 (Google-Fu.bash).
In this case, we're up with a regular file ("-" is the first digit), having 750 permissions. In fact, notice the third group of users was assigned no permissions at all (permissions for the other users are symbolized by three dashes ).
Hope this makes it easier for you to understand how permissions work in a UNIX/Linux environment.
Comments
Post a Comment